lenny said:
No I am afraid not. So what should I do now?
It's imperative that the first thing you do is make a copy of the drive
for safekeeping, or else you risk losing everything.
Do you have a Desktop PC available?
If so, the first thing I'd do is buy an adapter (approx $10 at CompUSA)
and mount the old laptop disk in a Desktop PC with a large hard drive
(enough free space to hold the entire contents of the laptop's hard
drive) and copy all the files to the Desktop's PC hard drive for
safekeeping.
To mount the laptop drive in the Desktop PC, you'll need to open up the
PC and be familiar with the connectors associated with mounting a hard
drive inside the case. You may also need to set jumpers on the laptop's
drive. Are you comfortable with that?
If you use Windows Explorer for the copy task, before you start, go into
Tools > Options > View, check Show hidden files and folders and uncheck
Hide protected operating system files. Make sure you are logged into a
user that is a member of the Administrators group on the Desktop PC.
Once you have that copy made, it may be possible to simply copy a known
good version of LSASS.EXE over the top of the corrupted LSASS.EXE on the
laptop drive. Reinstall the drive in the laptop and see if you can boot.
If that doesn't work, then I think your only remaining option is to
reinstall the O/S on the laptop drive from the CD - make sure you
reformat the entire drive (do not choose Quick Format) during the
Windows reinstall process.
Once the O/S is installed and the accts created, you can then copy the
data you saved from the Desktop PC - that will get you back saved
e-mail, contacts, My Documents and subfolders, but you will have to
reinstall all your 3rd party s/w.
By the way, once you're gotten yourself out of this mess, if the laptop
is running XP Pro, you can use the Windows Backup facility to make
backups to either an external drive or a separate partition (you'll need
to make this decision at XP Install time, when you partition and format
the hard drive).
Good luck.
Oh, one more thing ... if you can, get in the habit of logging into a
limited acct and doing all your work from there, not a fully privileged
acct. Running within a limited acct would have prevented this ...
limited users cannot modify LSASS.EXE (Users only has Read & Execute)
And start running a good AV that will catch Sasser!